Google offers $2 million bounty for Chrome hacks

Shane McGlaun, 17th August 2012

Google has long offered a bug bounty to developers, security specialists and hackers who managed to identify security vulnerabilities in its software.

Exactly how much a positively identified bug is worth obviously depends on its severity, but we do know that Mountain View has already shelled out thousands of dollars for Chrome bugs.

This week, the search giant confirmed it will be holding another competition for hackers willing to target its Chrome web browser. Google ran a similar contest last year dubbed the "Pwnium competition" - with a total of $1 million offered in prize money.

The new competition will see Mountain View raise its bounty stakes to a cool $2 million.

"The first Pwnium competition held earlier this year exceeded our expectations," said Google security engineer Chris Evans. "Most importantly, we were able to make Chromium [the open-source code base on which Chrome is built] significantly stronger based on what we learned."

Pwnium 2 - the 2012 Chrome hacking fest - will be held this October on the sidelines of the Hack in the Box security conference in Kuala Lumpur, Malaysia. Clearly, Google faces some significant competition when it comes to buying the exploits that hackers discover. Not only can hackers sell the exploits on the black market, but Forbes recently reported that government intelligence and law enforcement agencies often purchase exploits to assist with clandestine surveillance missions.

For example, the French-based Vupen showed off an exploit last year at the Pwn2Own competition that targeted Chrome, but the company didn't offer details to Google or anyone else on how the exploit was performed. Company CEO Chaouki Bekrar said at the time that his company would keep the exploit and sell it to its government customers.

Bekrar said, "We wouldn’t share this with Google for even $1 million."